Monday 24 November 2014


Sophisticated ‘state-sponsored’ spying tool targeted govts, infrastructure for years

A sophisticated malware dubbed Regin has been used to spy on governments, infrastructure operators and other high-profile targets, security company Symantec has revealed. It also targeted private individuals and businesses, particularly in Russia.

The back door-type Trojan displays a “degree of technical competence rarely seen,” Symantec said in a press release. The complexity of the virus enabled the intruder to create a framework for mass surveillance. Targets include private companies, government entities and research think tanks. Attacks on telecoms companies were allegedly carried out to gain access to calls being routed through their infrastructure.

The company believes that the Trojan was likely developed by a nation state, as it took months, if not years, to develop such a piece of software and cover up its tracks. Analyzing its further capabilities, the company has drawn the conclusion that Regin could be one of the main cyber espionage tools used by the implicated nation state.

Almost a third of the confirmed infections were discovered in Russia with a further 24 percent in Saudi Arabia. Mexico, Ireland, India, Afghanistan, Iran, Belgium, Austria and Pakistan are also on the list.

“Regin is a highly complex threat which has been used in systematic data collection or intelligence gathering campaigns. The development and operation of this malware would have required a significant investment of time and resources,” Symantec said.

Symantec found that the virus was used between 2008 and 2011, before being suddenly withdrawn until a new version of the malware resurfaced from 2013 onwards.

Regin uses a modular approach, allowing it to load features that exactly fit the target and enabling customized spying. “Its design makes it highly suited for persistent, long-term surveillance operations against targets,” the security company says.

Its five-stage loading architecture, with special and hidden encryption at each stage, makes it similar to the Duqu/Stuxnet threats, Symantec said. “Executing the first stage starts a domino chain of decryption and loading of each subsequent stage for a total of five stages. Each individual stage provides little information on the complete package. Only by acquiring all five stages is it possible to analyze and understand the threat,” the press release reads. Furthermore, Regin is equipped with a number of stealth features so that even after the Trojan’s presence is detected, it is “very difficult to ascertain what it is doing.”

Researchers say many components of the virus remain undiscovered while the threat of additional functionality and versions may still exist.

READ MORE: http://on.rt.com/uxgtj9
